Category: Cyber Security

This week the CIA revealed that they belive it was Russia behind the NotPetya attacks that hit in June 2017. They used an attack vector know as a “Watering Hole”. This method infects a website in which they know their targets will be visiting.

In the case of NotPetya the website was a Ukrainian site that deployed updates for tax and accounting software. One the malware had been deployed it appeared to be a ransomware attack. But unlike WannaCry , NotPetya wiped and erased all information on the infected system. This means the attacker where not after money. It was a disruptive nuance attack that could have potently erased a large amount of sensitive data.

There has been increasing tension between Russia and Ukraine and considering that Russia has increased it level of aggression in recent months it comes as no surprise that they have begun lunching cyber attacks on this scale.

Kaspersky Lab’s recently published their threat predictions for 2018, this report is complied using research and information from their anti-virus software. And with 2017 have seen threats such as WannaCry and NotPetya, 2018 might have a lot in store for it.

Supply Chain Attacks

A supply chain attack is a method used by attackers to breach the security of a companies without directly attacking their target. This means that the find a software vendor or other form os supplier and attack them. Once breach they have the ability to deploy an infected update through the compromised companies to their target.

During 2017 Kaspersky highlights Shadowpad, CCleaner and ExPtr/NotPetya. Kaspersky predicts that the number of supply chain attacks to not only be detected but also at the point of attack to increase. While they have not published any statistics they have been able to analyze this method of attack and belive it will be a popular attack vector in 2018.

High-End Mobile Malware

Over the past decade smart phone usage has become part of every day life, and due to this attackers have moved away from the conventual platforms to deliver malware. Kasperky predicts that their will an increase in hard to detect and remove malware on mobile device. An example of this would be the Shedun Trojan that in many cases took reinstalling the devices operating system to remove.

They also go on to point out that due to iOS being locked down and not allowing users the ability to scan the system, that users of Android are in a better position due to the being anti-virus solutions available on android. Although this could be due to their Android product, it gives food for thought that 2018 might have a lot in store for iOS in regard to security.

BeEF-like compromises with web profiling

The report also highlights that due to improvements in security and a great level of awareness, operating systems are getting much harder to find vulnerabilities in. The price of a zero-day exploits can be anywhere up to $1,500,000 for a remote iOS jailbreak with persistence attacks. With prices like this there is a hight chance that 2018 will see teams of both security researcher and also hacker hunting for these zero-day exploits.

UEFI and Bios Attacks

They have also predicted that 2018 will see a lot more UEFI-based malware. This attack vector can be rather dangerous as UEFI can allow for executables to be installed before the operating system has even booted. This can result in malware being deployed and installed before the systems anti-virus has been installed. As a result they are under the impress than there will be much more of this style of malware detected in 2018.

Destructive Attacks

According to the report there will be a greater amount of destructive attacks detected. The malware or wipers can remain dormant and infect numerous systems just as a normal worm would. But when activated the virus will then erase all of the data on the system. It is an effective and devastating method of cyber warfare resulting in their prediction of a raise in 2018.

Subversion of Cryptography

In todays age staying anonymous online is in the back of many people’s minds, after Snowden leaked documents highlighting mass surveillance. Kasbersky reports that a number of backdoor’s have been found in VPN networks. It also notes that the NSA appears to be behind these backdoor’s after paying companies to put them in. While in a lot of case this might not seem all that worrying, but their prediction of 2018 seeing more vulnerabilities of this nature is rather worrying.

Router And Modem Hacks

During 2017 there was a massive vulnerability found in a large number of routers, the report also highlights how they belive we will see a lot more of these styles of attacks through 2018. They go on to explain that in some large-scale operations the router and modems will remain unpatched and un-watched for a long period of time opening them up all sorts of attacks.

Kaspersky Lab’s have published one of the earliest 2018 threat predicitions, and we will have to see how some of the other big security vendor think 2018 is going to go in terms of cyber security.

In a world when daily internet access is part and parcel of life, it is hard to avoid the many threats that are out there lurking in the ‘wild’. And with so many type of malware out their its hard to know the difference.
Each type of malware has its own purpose and threats associated with it, while hopefully most people us an Anti-Virus program there are still a number whom don’t.

A Trojan virus lends its name from the greek myth of the trojan Horse, while these days the delivery package is not a giant wooden horse it does has as devastating of an effect. The premise of a Trojan virus is to alow a remote user or attacker access to your system, or allowing them the ability to make changes on the system.

There are 14 Main types of trojans, each with very similar fundamentals but their over all goal can differ. When a system is infected with a Trojan an attacker can execute actions without the owner of the systems permissions. And in many cases without them even knowing.

Although initially it was mainly windows PC’s affected by Trojan’s in recent years the number on Android devices has increased at an exponential rate. Due to the unauthorised applications that can be installed on Android devices has opened them up to these type of attacks.

Notable Trojan Viruses

Shedun

The Shedun virus come from a family of malware, its primary platform is Android devices and was originally discovered in 2015. The virus would then redesign legitimately installed applications and flood them with ads. It is very difficult to remove and in many cases cannot be removed unless the device is rooted and them flash with a custom ROM.

Blackhole exploit Kit

The Blackhole exploit was one of the most effective and wide-spread viruses during 2012. Sophos stated that 29% of all web threats were caused by the Blackhole exploit kit. When this virus was active on a system it recorded huge amounts of data, including the victims county, browser type and the operating system they where using.

Tiny Banker Trojan

The Tiny Banker Trojan’s target of choice was financial organisations websites. The attack vector in use is a man-in-the-browser. This means that it intercepts the data between the user and the web server.
The Tiny Banker Trojan is based on the Banker Trojan but has been reduced in size and been made more powerful.
Once the Virus has been deployed on a site any information such as login details or bank details can be stolen and then used for malicious or illegal purposes.

Gh0st RAT

The Gh0st RAT targeted Windows systems as was able to infect a number of very sensitive systems. The RAT or Remote Access Terminal also for the attacker to take complete control of the infected system. This can be used to perform keylogging activity, provide recording of webcams and also displaye user input to name a few.

MiniPanzer and MegaPanzer

MiniPanzer and MegaPanzer are variants from Bundestrojaner (German for state-sponcered Trojan Horse) It was designed for the swiss government and then later used to capture information.

As long as your system has a anti-virus application and your careful about how you use the internet, your changes of being infected by a Trojan is reduced massively. And with new malware appearing everyday there could be numerous Trojan’s out their in the wild that are yet to be detected by anti-virus companies and then added to their database.

And in many cases you may be unaware that your system has been infected as the attacker could simply be collecting data on you to used at a later date.

When WannaCry hit the affect it had on such a wide range of individuals was almost unprecedented. And the aftermath as a result has had a detrimental effect on future ransomware.

An attack on this scale not only brought a huge amount of media attention, but unlike many other virus attacks WannaCry became a house hold name. Not only was it effecting ATM machines and the NHS but other companies were forced to send staff home as they were unable to operation do to the virus.

Although the total amount paid to the attacker is still unclear, it is much less than it should have been. Due to security researchers speedy response many users effected were able to avoid paying the hefty ransom. Unfortunately for any would be cyber criminals, WannaCry appears to have killed ransomware as a viable option of attack.

Because of the publicity received by WannaCry, people were made aware of these types of attacks. And security vendors such as Bitdefender soon implemented an anti-ransomware feature into their products. This features stops unauthorised applications making changes to the computer in areas they have not been given permission to.

I personally feel that if WannaCry had not have effected so many across the globe then ransomware would still be a relatively effective method of cyber-crime. But due to people’s awareness becoming greater and security vendors taking action. There are numerous sites on the internet offering guides of how to ‘defend’ against a ransomware attack, and the most common tip is to make regular backups. This method relays on the back up remains unaffected by the virus, but ultimately would alow for the user to restore their system and avoid paying the fee.

Another solution that I have seen online is to use cloud based services such as OneDrive and Google Drive. If a users personal data is backed up to a cloud service then in the event of a ransomware attack it will agin remain unaffected.

Granted the solutions mentioned are not the best method for a larger organisation as a cloud based services could potentially be unviable depending on the size of the organisation. And to have a complete back up of every system within a large business is again not the easier thing to achieve.

While there maybe be future ransomware attacks, hopefully the number affected this time around will be significantly less than WannaCry. And my hope would be that with the increased publicity around ransomware individuals and organisation have taken the steps and precautions to protect them self and their systems from an attack of these natures.